Term · 32. Workload Identity & Cloud-native
OIDC for Cloud (Workload OIDC)
Definition
Pattern using OIDC tokens issued by cloud platforms (AWS IRSA, Azure Workload Identity, GCP Workload Identity Federation) to authenticate workloads to other services. It replaces long-lived secrets: workloads present short-lived OIDC tokens, and receiving services accept them through a federation trust rather than a stored credential. Foundation of «secretless» cloud architectures.
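As an added illustration (not part of this glossary entry), the trust-policy checks a receiving service performs on a federated workload token before it issues short-lived credentials: signature, issuer, audience, allowed subject, and expiry. The issuer, audience and subject values are placeholders, and HS256 with a shared key stands in for the RS256/JWKS verification that real cloud issuers use.

```python
import base64, hmac, hashlib, json, time

# Constructed trust policy modelled on what a receiving service (e.g. a cloud
# STS) checks before issuing short-lived credentials for a federated token.
TRUST_POLICY = {
    "issuer": "https://oidc.example.internal/cluster-a",  # placeholder issuer
    "audience": "sts.example.cloud",                      # placeholder audience
    "subjects": {"system:serviceaccount:payments:api"},   # allowed workload
}

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, key):
    # Constructed HS256 token for the demo; real issuers sign with RS256/ES256.
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_workload_token(token, key, policy, now=None):
    """Return (ok, reason); reject on bad alg/signature, iss, aud, sub or exp."""
    now = now if now is not None else time.time()
    try:
        header, body, sig = token.split(".")
    except ValueError:
        return False, "malformed"
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        return False, "unexpected alg"          # pin the algorithm, never trust the header
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return False, "bad signature"
    claims = json.loads(b64url_decode(body))
    if claims.get("iss") != policy["issuer"]:
        return False, "untrusted issuer"
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if policy["audience"] not in aud:
        return False, "audience mismatch"       # token minted for another service
    if claims.get("sub") not in policy["subjects"]:
        return False, "subject not allowed"     # wrong workload from a trusted issuer
    if claims.get("exp", 0) <= now:
        return False, "expired"                 # short-lived by design
    return True, "ok"
```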
Synonyms
- Workload OIDC
- OIDC-based cloud auth
Application
- Regulatory: CNCF — SPIFFE / SPIRE specs · IETF RFC (e.g., 7519 JWT, 6749 OAuth 2.0)
Standards & regulations
- CNCF
- IETF
Related terms
- Ephemeral Credentials: Credentials with very short lifetime (minutes) issued just-in-time and revoked after use. Replaces long-lived secrets in …
- Ephemeral Identity: Workload or AI agent identity with very short lifetime — created on-demand for a specific task or session, destroyed whe …
- Cluster Identity: Identity assigned to a Kubernetes cluster or cluster-level service — used for authentication to external services (cloud …
- DPoP (Demonstration of Proof of Possession): Demonstration of Proof-of-Possession — IETF RFC 9449, OAuth 2.0 mechanism binding an access token to a private key held …
- FAPI 2.0 (Financial-grade API): OpenID Foundation Financial-grade API Security Profile 2.0 — high-security authorization profile for financial APIs (ope …
- Identity Federation: Trust arrangement letting an identity authenticated in one domain (Identity Provider) access resources in another (Relyi …